Diffstat (limited to 'bcprov/src/main/java/org/bouncycastle/crypto/signers/DSASigner.java')
-rw-r--r--bcprov/src/main/java/org/bouncycastle/crypto/signers/DSASigner.java11
1 files changed, 10 insertions, 1 deletions
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/signers/DSASigner.java b/bcprov/src/main/java/org/bouncycastle/crypto/signers/DSASigner.java
index 44f838b2..920611bc 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/signers/DSASigner.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/signers/DSASigner.java
@@ -95,7 +95,8 @@ public class DSASigner
BigInteger k = kCalculator.nextK();
- BigInteger r = params.getG().modPow(k, params.getP()).mod(q);
+ // the randomizer is to conceal timing information related to k and x.
+ BigInteger r = params.getG().modPow(k.add(getRandomizer(q, random)), params.getP()).mod(q);
k = k.modInverse(q).multiply(m.add(x.multiply(r)));
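Review bot: The blinding added here covers only the `modPow` exponent, but the new comment claims to conceal timing related to both k and x. The next line, `k = k.modInverse(q).multiply(m.add(x.multiply(r)));`, still runs `modInverse` on the unblinded k and multiplies by the private x. I would narrow the comment to `// blind the modPow exponent with a random multiple of q; modInverse(k) and x.multiply(r) below are not blinded`, or extend the masking to those steps in a follow-up. Note also that `random` can be null at this call, since the helper in the second hunk returns null when no randomness is needed; getRandomizer then falls back to a fresh SecureRandom. The enclosing method starts and ends outside this hunk.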
@@ -163,4 +164,12 @@ public class DSASigner
{
return !needed ? null : (provided != null) ? provided : new SecureRandom();
}
+
+ private BigInteger getRandomizer(BigInteger q, SecureRandom provided)
+ {
+ // Calculate a random multiple of q to add to k. Note that g^q = 1 (mod p), so adding multiple of q to k does not change r.
+ int randomBits = 7;
+
+ return new BigInteger(randomBits, provided != null ? provided : new SecureRandom()).add(BigInteger.valueOf(128)).multiply(q);
+ }
}
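Review bot: In getRandomizer the literals `7` and `128` are coupled but nothing in the code ties them together. 128 is 2^7, which appears intended to force the multiplier into 128..255 so the blinded exponent keeps a near-constant bit length. Writing `BigInteger.ONE.shiftLeft(randomBits)` in place of `BigInteger.valueOf(128)` would keep the two in sync if `randomBits` is ever changed. When `provided` is null the method constructs a `new SecureRandom()` on every signature; a single fallback instance held in a field would avoid the repeated construction and seeding cost. The comment should also state that only 128 distinct multiples of q are possible, so a reader can judge whether that is enough masking for the deployment.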